Feedback on ApplicationAuthenticationAddOn

-- SopanShewale - 16 Mar 2005

Very interesting! I'm looking forward to test this. Thanks for sharing this with the community!

-- FranzJosefSilli - 16 Mar 2005

I second Franz, thanks for sharing

-- PeterThoeny - 18 Mar 2005

SopanShewale, there's a substantial feature overlap with the AuthPagePlugin that was recently released also. I appreciate very much the logout-feature of your add-on.

But your code for securing attachments is realy needed outside of this add-on and should be added to the TWiki core IMHO (see SecuringAttachments). However the TWikiAuthen module is not ready for the upcomming dakar release as far as I've seen. So dakarizing your work would be great !

-- MichaelDaum - 09 Apr 2005

I created an LDAP supporting version for this great addon. I'll attach the do_login_ldap module and the settings for TWiki.cfg

-- SamDetweiler - 08 May 2005

Thank you MichaelDaum for your valuable comments. Thanks SamDetweiler for your work on LDAP authentication script.

I have created the bin/logout script and modified the bin-ssl/do_login script. The bin/logout script is direct modification of bin/do_logout script. With the modified scripts, the redirection works properly, e.g. If user "A" is in web called "Examples", working on topic "SecreteExamples", if A clicks on logout, he becomes "Guest" and is redirected to "Examples/SecreteExamples" topic.

The scripts bin/logout and bin-ssl/do_login are available with the attachment LoginLogoutScripts.tar.gz Please note that you have to modify the line

%CALC{"$SET(url2, "http://example/bin/do_logout")"}%

%CALC{"$SET(url2, "http://example/bin/logout")"}%

-- SopanShewale - 28 May 2005

I have released the new SessionPlugin.pm file at SessionPluginDev . It addresses the issue "User logs out automatically" described at ApplicationAuthenticationAddOn

-- SopanShewale - 05 Jun 2005

I'm halfway there. The session login and logout works great. And on one PC running Apache2 and mod_perl I managed to get TWikiAuthen.pm working semi-ok. However, on a server running Apache1 and mod_perl the use of the TWikiAuthen handler causes the session information to be dropped! Everything goes well without TWikiAuthen.. unfortunately TWikiAuthen is essential to the project I'm working on.. and I'm not having any luck splitting it out into a CGI handler (because maybe it's mod_perl that's having trouble). Will update if I solve the problem.

Update: I've decided to do what some others have done and custom-rolled my own lib/TWiki/UI/Viewfile.pm and bin/viewfile. And used the RewriteRule command in Apache config to force all /pub URLs into bin/viewfile.

-- PeterPayne - 26 Oct 2005

Someone should validate this but I suspect this plugin is probably largely unnecessary with DakarRelease.

-- MartinCleaver - 26 Oct 2005

Has anyone tried this with cookies turned off in their browser? SessionPlugin seems to be okay with this until I try the /twiki/bin/do_login script that comes with ApplicationAuthenticationAddOn. At this point my login/session information is lost.

-- PeterPayne - 01 Nov 2005

Is this add-on still relevant for TWiki 4? Is it's functionality covered by TWiki's TemplateLogin manager?

• If not relevent: You could obsolete the add-on
• If relevent: Please add a SHORTDESCRIPTION bullet to the Add-On Info section so that this add-on is listed properly in the AddOnPackage topic and query topics.

-- PeterThoeny - 06 Oct 2006

Peter,

• Yes, TWiki's TemplateLogin manager provides the required functionality.
• My requirement was-just pass username/password through HTTPS for authentication (for security purpose) and other trafic through HTTP-but i think this is very specific to my setup. May not be usefull for other people.
• I will give some more thought and obsolete the add-on.

-- SopanShewale - 19 Oct 2006